Overview (score 10)
Static (score 10)

Score  Sample                     Platform
1      XWorm V5.2...ox.dll        windows7-x64
1      XWorm V5.2...ox.dll        windows10-2004-x64
1      XWorm V5.2/Fixer.bat       windows7-x64
1      XWorm V5.2/Fixer.bat       windows10-2004-x64
1      XWorm V5.2...re.dll        windows7-x64
1      XWorm V5.2...re.dll        windows10-2004-x64
1      XWorm V5.2...ms.dll        windows7-x64
1      XWorm V5.2...ms.dll        windows10-2004-x64
1      XWorm V5.2...I2.dll        windows7-x64
1      XWorm V5.2...I2.dll        windows10-2004-x64
1      XWorm V5.2...or.dll        windows7-x64
1      XWorm V5.2...or.dll        windows10-2004-x64
1      XWorm V5.2...db.dll        windows7-x64
1      XWorm V5.2...db.dll        windows10-2004-x64
1      XWorm V5.2...db.dll        windows7-x64
1      XWorm V5.2...db.dll        windows10-2004-x64
1      XWorm V5.2...ks.dll        windows7-x64
1      XWorm V5.2...ks.dll        windows10-2004-x64
1      XWorm V5.2...il.dll        windows7-x64
1      XWorm V5.2...il.dll        windows10-2004-x64
1      XWorm V5.2...ts.dll        windows7-x64
1      XWorm V5.2...ts.dll        windows10-2004-x64
1      XWorm V5.2...re.dll        windows7-x64
1      XWorm V5.2...re.dll        windows10-2004-x64
1      XWorm V5.2...rs.dll        windows7-x64
1      XWorm V5.2...rs.dll        windows10-2004-x64
1      XWorm V5.2...ed.dll        windows7-x64
1      XWorm V5.2...ed.dll        windows10-2004-x64
1      XWorm V5.2...ls.dll        windows7-x64
1      XWorm V5.2...ls.dll        windows10-2004-x64
1      XWorm V5.2/NAudio.dll      windows7-x64
1      XWorm V5.2/NAudio.dll      windows10-2004-x64

Analysis
Max time kernel:   97s
Max time network:  214s
Platform:          windows7_x64
Resource:          win7-20240221-en
Resource tags:     arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
Submitted:         27-04-2024 01:25
Behavioral tasks
Task          Sample                                 Resource
behavioral1   XWorm V5.2/FastColoredTextBox.dll      win7-20240221-en
behavioral2   XWorm V5.2/FastColoredTextBox.dll      win10v2004-20240419-en
behavioral3   XWorm V5.2/Fixer.bat                   win7-20240220-en
behavioral4   XWorm V5.2/Fixer.bat                   win10v2004-20240426-en
behavioral5   XWorm V5.2/GMap.NET.Core.dll           win7-20231129-en
behavioral6   XWorm V5.2/GMap.NET.Core.dll           win10v2004-20240419-en
behavioral7   XWorm V5.2/GMap.NET.WindowsForms.dll   win7-20240221-en
behavioral8   XWorm V5.2/GMap.NET.WindowsForms.dll   win10v2004-20240419-en
behavioral9   XWorm V5.2/Guna.UI2.dll                win7-20240419-en
behavioral10  XWorm V5.2/Guna.UI2.dll                win10v2004-20240226-en
behavioral11  XWorm V5.2/IconExtractor.dll           win7-20240419-en
behavioral12  XWorm V5.2/IconExtractor.dll           win10v2004-20240419-en
behavioral13  XWorm V5.2/Mono.Cecil.Mdb.dll          win7-20240220-en
behavioral14  XWorm V5.2/Mono.Cecil.Mdb.dll          win10v2004-20240419-en
behavioral15  XWorm V5.2/Mono.Cecil.Pdb.dll          win7-20240221-en
behavioral16  XWorm V5.2/Mono.Cecil.Pdb.dll          win10v2004-20240419-en
behavioral17  XWorm V5.2/Mono.Cecil.Rocks.dll        win7-20240221-en
behavioral18  XWorm V5.2/Mono.Cecil.Rocks.dll        win10v2004-20240419-en
behavioral19  XWorm V5.2/Mono.Cecil.dll              win7-20231129-en
behavioral20  XWorm V5.2/Mono.Cecil.dll              win10v2004-20240419-en
behavioral21  XWorm V5.2/MonoMod.Backports.dll       win7-20240215-en
behavioral22  XWorm V5.2/MonoMod.Backports.dll       win10v2004-20240426-en
behavioral23  XWorm V5.2/MonoMod.Core.dll            win7-20240221-en
behavioral24  XWorm V5.2/MonoMod.Core.dll            win10v2004-20240419-en
behavioral25  XWorm V5.2/MonoMod.ILHelpers.dll       win7-20240215-en
behavioral26  XWorm V5.2/MonoMod.ILHelpers.dll       win10v2004-20240419-en
behavioral27  XWorm V5.2/MonoMod.Iced.dll            win7-20240221-en
behavioral28  XWorm V5.2/MonoMod.Iced.dll            win10v2004-20240226-en
behavioral29  XWorm V5.2/MonoMod.Utils.dll           win7-20240419-en
behavioral30  XWorm V5.2/MonoMod.Utils.dll           win10v2004-20240419-en
behavioral31  XWorm V5.2/NAudio.dll                  win7-20240220-en
behavioral32  XWorm V5.2/NAudio.dll                  win10v2004-20240419-en
General
Target:  XWorm V5.2/FastColoredTextBox.dll
Size:    333KB
MD5:     b746707265772b362c0ba18d8d630061
SHA1:    4b185e5f68c00bef441adb737d0955646d4e569a
SHA256:  3701b19ccdac79b880b197756a972027e2ac609ebed36753bd989367ea4ef519
SHA512:  fd67f6c55940509e8060da53693cb5fbac574eb1e79d5bd8f9bbd43edbd05f68d5f73994798a0eed676d3e583e1c6cde608b54c03604b3818520fa18ad19aec8
SSDEEP:  6144:4FErOIif3RzSHh+20lXs1TzCeBcQeDbNlz7:eEeR52bmeh0n
Malware Config
Signatures
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Process: chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
-
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  2 rows, all pid 2652 chrome.exe
-
Suspicious use of AdjustPrivilegeToken (64 IoCs)
  64 rows, all Token: SeShutdownPrivilege, pid 2652 chrome.exe
-
Suspicious use of FindShellTrayWindow (36 IoCs)
  36 rows, all pid 2652 chrome.exe
-
Suspicious use of SendNotifyMessage (32 IoCs)
  32 rows, all pid 2652 chrome.exe
-
Suspicious use of WriteProcessMemory (64 IoCs)
  64 rows, all of the form "PID 2652 wrote to memory of <target>", source process chrome.exe (pid 2652); target PIDs 2664, 2512, 3060 and 2980, each a chrome.exe process

Every IoC in this table is attributed to chrome.exe (pid 2652). None is attributed to the rundll32.exe process that loaded FastColoredTextBox.dll with ordinal #1 (see Processes below), so nothing in the signature table records behaviour of the sample itself.
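The signature table above reaches the reader as flattened runs of text, one per signature, with the column headers fused into the first row. The Python helper below is an added triage aid, not part of the sandbox's output or of this report: it parses the three row layouts that occur on this page (description/ioc/process, pid/process, and the WriteProcessMemory description/pid/process/target layout), collapses repeated rows into counts and reports which process image every signature is attributed to. The sample rows are copied from this report (the WriteProcessMemory rows are a subset of the 64 shown); the regular expressions assume the column order visible in those rows and nothing else about the exporter.

```python
"""Parse the flattened "Processes:" rows of a sandbox signature table and
report which process image each hit is attributed to."""
import re
from collections import Counter

# Rows copied from the signature section of this report. The page exporter
# collapses each table into one run of text, header columns included.
# The WriteProcessMemory table has 64 rows on the page; a subset is used here.
RAW_ROWS = {
    "Enumerates system info in registry":
        r"chrome.exedescription ioc process "
        r"Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe "
        r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe "
        r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe",
    "Suspicious behavior: EnumeratesProcesses":
        "chrome.exepid process 2652 chrome.exe 2652 chrome.exe",
    "Suspicious use of AdjustPrivilegeToken":
        "chrome.exedescription pid process Token: SeShutdownPrivilege 2652 chrome.exe "
        "Token: SeShutdownPrivilege 2652 chrome.exe",
    "Suspicious use of WriteProcessMemory":
        "chrome.exedescription pid process target process "
        "PID 2652 wrote to memory of 2664 2652 chrome.exe chrome.exe "
        "PID 2652 wrote to memory of 2664 2652 chrome.exe chrome.exe "
        "PID 2652 wrote to memory of 2512 2652 chrome.exe chrome.exe "
        "PID 2652 wrote to memory of 3060 2652 chrome.exe chrome.exe "
        "PID 2652 wrote to memory of 2980 2652 chrome.exe chrome.exe",
}

# One pattern per row layout seen on the page (assumed column order in the comment).
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")  # src, dst, pid, image, target image
TOKEN_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")                              # privilege, pid, image
REG_RE = re.compile(r"(Key opened|Key value queried) (\\\S+) (\S+)")            # op, key path, image
PID_RE = re.compile(r"(\d+) (\S+)")                                             # pid, image


def parse_rows(blob):
    """Return one dict per IoC row, choosing the layout from the row text.
    Every record carries "image" and "pid" (None for layouts without a pid)."""
    if "wrote to memory of" in blob:
        return [{"pid": int(pid), "image": img, "src": int(src), "dst": int(dst), "target": tgt}
                for src, dst, pid, img, tgt in WPM_RE.findall(blob)]
    if "Token:" in blob:
        return [{"pid": int(pid), "image": img, "privilege": priv}
                for priv, pid, img in TOKEN_RE.findall(blob)]
    if "\\REGISTRY\\" in blob:
        return [{"pid": None, "image": img, "op": op, "key": key}
                for op, key, img in REG_RE.findall(blob)]
    return [{"pid": int(pid), "image": img} for pid, img in PID_RE.findall(blob)]


def summarize(raw_rows):
    """Count rows per (signature, image, pid) and collect the distinct
    (writer pid, target pid, target image) triples from WriteProcessMemory rows."""
    hits = Counter()
    writes = set()
    for sig, blob in raw_rows.items():
        for rec in parse_rows(blob):
            hits[(sig, rec["image"], rec["pid"])] += 1
            if "dst" in rec:
                writes.add((rec["src"], rec["dst"], rec["target"]))
    return hits, writes


def attributed_images(raw_rows):
    """Every process image that any signature row names as the acting process."""
    hits, _ = summarize(raw_rows)
    return {image for (_, image, _) in hits}


def write_targets(raw_rows):
    """Distinct target PIDs per writing PID: {writer_pid: [(target_pid, target_image), ...]}."""
    _, writes = summarize(raw_rows)
    out = {}
    for src, dst, tgt in sorted(writes):
        out.setdefault(src, []).append((dst, tgt))
    return out


if __name__ == "__main__":
    hits, _ = summarize(RAW_ROWS)
    for (sig, image, pid), n in sorted(hits.items(), key=str):
        print(f"{n:3d} x {sig:<45} {image} pid={pid}")
    print("WriteProcessMemory targets:", write_targets(RAW_ROWS))
    print("images named by any signature:", attributed_images(RAW_ROWS))
```

Run against the rows above, the only image any signature names is chrome.exe and the only writer is pid 2652, with four distinct chrome.exe targets; the rundll32.exe process that loaded the DLL never appears. That is the check to make before treating a sandbox score as evidence against a sample: a signature table dominated by a browser the sandbox opened is noise, not sample behaviour.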
Processes
-
C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm V5.2\FastColoredTextBox.dll",#1
-
C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    Child processes:
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6eb9758,0x7fef6eb9768,0x7fef6eb9778
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:2
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:8
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:8
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2120 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:1
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2108 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:1
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1452 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:2
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3176 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:1
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3420 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:8
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3544 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:8
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:8
        C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2056 --field-trial-handle=1280,i,14544540600516092225,14527752676978987050,131072 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
  Filesize: 264KB
  MD5:      f50f89a0a91564d0b8a211f8921aa7de
  SHA1:     112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256:   b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512:   bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 363B
  MD5:      5d2f2ced08dd067f53f8b0c38ed420d2
  SHA1:     e0f71bd903c3f495be2c69a9318285c36902c4ee
  SHA256:   e4ad1f1331db8c22bf92d388fa7c6811557b1e3039faf46ec1c0de1cdf4fb9c5
  SHA512:   93bf39246f03d1b36052bf007ac9f4ec1aceb830e0e0a9d03f0ba08b16ad9ffb318bab7c57fbecd017f98f8f2df1f6248b9e329d37fe5d2d08b402beb369ec64
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5:      413ebe8d96d472b5c57b5348bec6b5a2
  SHA1:     fe2d14f1a9f3e325f45c96769855cb5acb885dfa
  SHA256:   83c16252d4c9afcd6dfe5d283fc1bc7b9556991c55f149244d7db78c4c4493f1
  SHA512:   26efcbf3e01e619bde9e8b948c20c287d43b27a8be14384c5403f42d4fca86f48e128498658a3ba9f891ef229df2d93b29153d2c0f01ea51910c4f9d5ae40897
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5:      f2f58fd31063a60e98678617d7e92737
  SHA1:     e01f292a3158315559619e21486ae4256c465676
  SHA256:   b5c1df2d5bdac4b7e1fd995cd8641e001f9049ff56bbd93069a31e09610ce90c
  SHA512:   1ace73ac418019b282fae313d977b02cab01a840bad323c4503ccadbb4825034d7546e61c1c1f7bd052bbbdd9d69fc9fb02d86c8d6ef40398311eac076898f62
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 5KB
  MD5:      db9b575342367271cc3be802fcaf3ed3
  SHA1:     12168b785853b05a7f6534b0b472d9169bc79c6f
  SHA256:   aee492333e9b0d1e43223f14a1204db5e016b29faa52350aa4cad8edc12443ac
  SHA512:   3ba87dd3f3fa23caf99c5bb43f65a5192484fca84ec7c8e225dbe7491eb26a60672335aa6d0caa9d376a6a44ce26acf5cf735c778264d9a5fbfc7039a63740c5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
  Filesize: 16B
  MD5:      18e723571b00fb1694a3bad6c78e4054
  SHA1:     afcc0ef32d46fe59e0483f9a3c891d3034d12f32
  SHA256:   8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
  SHA512:   43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
\??\pipe\crashpad_2652_LXBQRPQYFQIDDGOL
  Filesize: (not given)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: all four digests are those of zero-byte input, so the sandbox captured no data from this named pipe; the entry is a Chrome crashpad IPC pipe for pid 2652, not a dropped file.

All entries under Downloads are files in Chrome's own profile directory (cache, preferences, sync database) written by chrome.exe; none is written by the rundll32.exe process that loaded the sample.